CVE-2025-15029
CRITICALCentreon Infra Monitoring 24.04.0-24.04.2, 24.10.0-24.10.2, 25.10.0-25.10.1 - Unauthenticated SQL Injection
Title source: llmDescription
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3.
References (2)
Core 2
Core References
Release Notes
https://github.com/centreon/centreon/releases
Patch, Vendor Advisory vendor-advisory
https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356
Scores
CVSS v3
9.8
EPSS
0.1120
EPSS Percentile
95.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
centreon/awie
24.04.0 - 24.04.3
Published
Jan 05, 2026
Tracked Since
Feb 18, 2026